sha256: do not align raw section sizes
A vmlinuz hash was failing because it was being aligned up to the
context.fileAlignment (which is 32) which adds a spurious 16 bytes to
the section size.
Additionally, only hash additional data if the remaining data is
larger than the security directory.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
diff --git a/lib/sha256.c b/lib/sha256.c
index b5b0b3b..180fa16 100644
--- a/lib/sha256.c
+++ b/lib/sha256.c
@@ -343,19 +343,21 @@
for (i = 0; i < context.NumberOfSections; i++) {
section = sections[i];
hashbase = pecoff_image_address(buffer, DataSize, section->PointerToRawData);
- hashsize = (unsigned int) ALIGN_VALUE(section->SizeOfRawData,
- context.FileAlignment);
+ hashsize = section->SizeOfRawData;
if (hashsize == 0)
continue;
sha256_update(&ctx, hashbase, hashsize);
sum_of_bytes += hashsize;
}
- if (DataSize > sum_of_bytes) {
+ if (DataSize > sum_of_bytes + context.SecDir->Size) {
/* stuff at end to hash */
hashbase = buffer + sum_of_bytes;
hashsize = (unsigned int)(DataSize - context.SecDir->Size - sum_of_bytes);
sha256_update(&ctx, hashbase, hashsize);
+ } else if (DataSize < sum_of_bytes + context.SecDir->Size) {
+ /* warn but hope the checksum is right */
+ Print(L"Invalid Data Size %d bytes too small\n", DataSize + context.SecDir->Size - sum_of_bytes);
}
sha256_finish(&ctx, hash);